PHP :: Bug #5937 :: Path revealing security hole

Bug #5937	Path revealing security hole
Submitted:	2000-08-03 08:08 UTC	Modified:	2000-08-03 09:30 UTC
From:	expert at securiteam dot com	Assigned:
Status:	Closed	Package:	Other
PHP Version:	4.0.1pl2	OS:	All
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	expert at securiteam dot com
New email:
PHP Version:		OS:

New Comment:

[2000-08-03 08:08 UTC] expert at securiteam dot com

Description: 

All the initial pages of the Internet with (.php4), can be affected with this bug.

When going to "www.example.com/something.php3",

the server will return a page with " Fatal Error " and will show the directory where the page's true location is. 


Example:

"Fatal error: Unable to open /vhmap/i/n/t/exemplo.com.br/todos.php3 in - on line 0

No input file specified."

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2000-08-03 09:30 UTC] stas@php.net

If you concerned about it, turn error_reporting off.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sun Dec 22 10:01:28 2024 UTC